Configure Traffic Flow Confidentiality (TFC)

 

If your data policy is configured for Tunnel mode, you can use Traffic Flow Confidentiality (TFC) to conceal the actual length of the data packets transferred over a VPN connection.

TFC adds extra padding to the packets being sent and sends dummy packets with different lengths at random intervals to conceal the actual length of the packets. Use TFC for extra security against attackers who might guess the type of data being sent from the length of the packet. When you enable TFC you gain more security, but at the cost of system performance. Therefore, you should test your system's performance before and after you enable TFC on a VPN connection. TFC is not negotiated by IKE, so enable it only when both systems support it.
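
The following sketch is an added illustration of the trade-off described above, not IBM code: it models what an observer sees when packets are padded and dummy packets are mixed in, and how many extra bytes that costs. The bucket size, dummy-packet rate, maximum length and sample packet lengths are assumptions chosen for the demonstration; the padding policy the VPN implementation actually uses is not described on this page.

```python
import random

def pad_to_bucket(length, bucket):
    """Round a payload length up to the next multiple of `bucket` bytes."""
    return -(-length // bucket) * bucket

def tfc_model(payloads, bucket=256, dummy_rate=0.25, max_len=1280, seed=1):
    """Model what an on-path observer sees under an assumed TFC policy.

    Every real packet is padded up to a bucket boundary, and after each one a
    dummy packet of random bucket-aligned length is sent with probability
    `dummy_rate`. Assumes max_len is a multiple of bucket.
    Returns (observed_lengths, overhead_ratio).
    """
    if any(n < 1 or n > max_len for n in payloads):
        raise ValueError("payload lengths must be in 1..max_len")
    rng = random.Random(seed)  # fixed seed so repeated runs are comparable
    observed = []
    for n in payloads:
        observed.append(pad_to_bucket(n, bucket))
        if rng.random() < dummy_rate:
            observed.append(rng.randrange(bucket, max_len + 1, bucket))
    overhead = sum(observed) / sum(payloads) - 1.0
    return observed, overhead

def distinct_sizes(lengths):
    """Number of different packet lengths visible on the wire."""
    return len(set(lengths))

# Constructed sample: an interactive session (small packets) mixed with a
# bulk transfer (near-full packets). These lengths are invented for the demo.
SAMPLE = [41, 44, 52, 47, 1200, 1200, 1187, 63, 58, 1200, 45, 910]

if __name__ == "__main__":
    seen, cost = tfc_model(SAMPLE)
    print("distinct sizes without TFC:", distinct_sizes(SAMPLE))
    print("distinct sizes with TFC:   ", distinct_sizes(seen))
    print("extra bytes sent: {:.0%}".format(cost))
```

The overhead ratio is the figure to compare against your own before-and-after performance measurements: small interactive packets pay proportionally far more for padding than near-full packets do.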

To enable TFC on a VPN connection, follow these steps:

  1. In iSeries™ Navigator, expand your server > Network > IP Policies > Virtual Private Networking > Secure Connections > All Connections.

  2. Right-click the connection on which you want to enable TFC and select Properties.

  3. On the General tab, select Use Traffic Flow Confidentiality (TFC) when in Tunnel Mode.

 
